softforge-inc · NelsonDivyamLobo · Nov 19, 2025
diff --git a/setup.py b/setup.py
@@ -1,19 +1,25 @@
-from setuptools import setup, find_packages
-setup(
-    name="vuln-demo-pkg",
-    version="0.0.1",
-    description="Intentionally vulnerable demo using setup.py",
-    packages=find_packages(where="src"),
-    package_dir={"": "src"},
-    install_requires=[
-        "Flask==0.12",
-        "Jinja2==2.11.3",
-        "MarkupSafe==2.0.1",
-        "PyYAML==5.3.1",
-        "requests==2.20.0",
-        "urllib3==1.24.1",
-        "click==6.7",
-        "cryptography==2.3",
-    ],
-    entry_points={"console_scripts": ["vuln-cli=vulnpkg.cli:main"]},
-)
+FROM ubuntu:22.04
+ENV DEBIAN_FRONTEND=noninteractive PIP_NO_CACHE_DIR=1 PYTHONUNBUFFERED=1
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl git build-essential pkg-config \
+    python3 python3-pip python3-dev \
+    openssl libssl3 libxml2 libxslt1.1 zlib1g \
+    libjpeg-dev libpng-dev libfreetype6-dev libtiff5-dev libwebp-dev libopenjp2-7-dev \
+    libxml2-dev libxslt1-dev libssl-dev tcl tk \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt/project
+COPY . /opt/project
+
+RUN pip3 install --upgrade pip wheel
+RUN pip3 install "setuptools==58.0.4"
+
+# Flask 0.12 compatible pins
+RUN pip3 install "Jinja2==2.11.3" "MarkupSafe==2.0.1" "itsdangerous==1.1.0" "Werkzeug==0.16.1" "click==6.7"
+
+# install the package from this repo (setup.py)
+RUN pip3 install --no-build-isolation .
+
+EXPOSE 5000
+CMD ["python3","app/app.py"]